<?php
/**
*
*	后台用户管理 @zairwolf
*/
if(!defined('IN_ACP')) exit('Access Denied');

if(!$action) {
	if(in_array($pfile, array('add', 'ban', 'verify'))) $action=$pfile;
}

//新增用户
if($action=='add'){
	$tpl = new T($ptype.'_'.$pfile);
	$tpl->output();
}

//新增用户提交
if($action=='insert'){
	$name=_post('name');
	$pswd=_post('pswd');
	$email=_post('email');

	$len = rmb_strlen($name,false);
	if($len < $_SYSTEM['USER']['minlength'] || $len > $_SYSTEM['USER']['maxlength'])
		b('用户名长度应介于 '.$_SYSTEM['USER']['minlength'].' - '.$_SYSTEM['USER']['maxlength'].' 字符之间');
	if(preg_match("/\\|%|&| |\'|\"|\/|\*|,|<|>|\r|\t|\n|#/im", $name)) b('用户名中含有非法字符');
	if(!preg_match("/^\w[\w\.\-\+]*@\w[\w\-]+(\.\w+)+$/", $email)) b('请正确输入邮箱');
	//用户存在与否
	if(db_r("select * from rd8_user where name='$name' and active<>-99")) b('该用户名已被注册');
	if(db_r("select * from rd8_user where email='$email' and active<>-99")) b('该Email已被注册');

	//封禁关键词
	if(banList($name, 'name')) b('该用户名禁止注册');

	if(!$pswd) b('请填写密码');
	$cols=array(
		'name' => $name,
		'pswd'      => md5(md5($pswd)),
		'email'    => $email,
		'dateline' => TIMESTAMP,
		'active'   => !$_SYSTEM['USER']['verify'],
	);
	$id = db_i("insert into rd8_user set ".sqlcol($cols));

	
	addLog("添加用户<$name>");
	j("?ptype=$ptype&pfile=$pfile", '添加用户成功');

}

//用户编辑
if($action=='edit'){
	$id=_get('id');
	$row=db_r("select * from rd8_user where id='$id'");
	if(!$row) b('不存在此用户');
	$tpl = new T($ptype.'_'.$pfile.'_'.$action);
	$tpl->assign(html_show($row));
	$tpl->output();
}

//用户编辑提交
if($action=='update'){
	$id=_post('id');
	$name=_post('name');
	$pswd=_post('pswd');
	$email=_post('email');

	$row=db_r("select * from rd8_user where id='$id'");
	if(!$row) b('不存在此用户');
	$sql="update rd8_user set email='$email'";
	if($name){//对姓名检查
		//封禁关键词
		if(banList($name, 'name')) b('该用户名禁止注册');
		$len = rmb_strlen($name,false);
		if($len < $_SYSTEM['USER']['minlength'] || $len > $_SYSTEM['USER']['maxlength'])
			b('用户名长度应介于 '.$_SYSTEM['USER']['minlength'].' - '.$_SYSTEM['USER']['maxlength'].' 字符之间');
		if(preg_match("/\\|%|&| |\'|\"|\/|\*|,|<|>|\r|\t|\n|#/im", $name)) b('用户名中含有非法字符');
		if(db_r("select * from rd8_user where name='$name' and id<>'$id' and active<>-99")) b("用户名<b>$name</b>已存在");
		$sql.=",name='$name'";
	}
	if($pswd){
		$sql.=",pswd='".md5(md5($pswd))."'";
	}
	if(!preg_match("/^\w[\w\.\-\+]*@\w[\w\-]+(\.\w+)+$/", $email)) b('请正确输入邮箱');
	if(db_r("select * from rd8_user where email='$email' and id<>'$id' and active<>-99")) b('该Email已被注册');

	//提交
	db_q("$sql where id='$id'");
	j("?ptype=$ptype&pfile=$pfile", '编辑成功');
}

//用户删除or已禁删除
if($action=='delete'){
	$ids=_get_post('ids');
	if(!$ids) b('无删除对象');
	if(count($ids)>20) b('删除条目过多');

	db_q("update rd8_user set active=-99 where id in ('".implode("','",$ids)."')");

	j("?ptype=$ptype&pfile=$pfile", '删除成功');
}

//用户列表中進行的禁止
if($action=='listban'){
	$id=_get('id');
	if(!$id) b('无删除对象');

	db_q("update rd8_user set active=-1 where id='$id'");

	j("?ptype=$ptype&pfile=$pfile", '禁止成功');
}

//审核通过or禁止解禁
if($action=='pass'){
	$id=_get('id');
	if(!db_r("select * from rd8_user where id='$id' and active=0")) b('无此未审核用户');
	db_q("update rd8_user set active=1 where id='$id'");
	j("?ptype=$ptype&pfile=$pfile", '通过或解禁成功');
}

//审核用户列表
if($action=='verify'){
	//增加搜索功能 2009-5-15 10:10
	$email=_get('email');
	$thename=_get('thename');
	$regf=_get('regf');
	$regt=_get('regt');
	$where='';
	if($email) {
		$where .= ' AND email LIKE \'%'.$email.'%\'';
	}
	if($thename) {
		$where .= ' AND name LIKE \'%'.$thename.'%\'';
	}
	if($regf || $regt) {
		$where .= ' AND ';

		if(!$regf) {
			$where .= 'dateline <= '.strtotime($regt);
		}elseif(!$regt) {
			$where .= 'dateline >= '.strtotime($regf);
		}else {
			$where .= 'dateline >= '.strtotime($regf).' AND dateline <= '.strtotime($regt);
		}
	}

	$total=db_r("select count(*) as totalnum from rd8_user where active=0 $where");
	$pagelink=page($total['totalnum'],20,0,0);
	$list=db_rows("select id,name,email,dateline from rd8_user where active=0 $where order by dateline desc $pagelink[limit]");
	
	$tpl = new T($ptype.'_'.$pfile);
	$tpl->assign(array(
		'list'	=> html_show($list),
		'pagelink' => $pagelink['output'],
		'email' => $email,
		'thename' => $thename,
		'regf' => $regf,
		'regt' => $regt,
	));
	$tpl->output();
}

//禁止用户列表
if($action=='ban'){
	$total=db_r("select count(*) as totalnum from rd8_user where active=-1");
	$pagelink=page($total['totalnum'],20,0,0);
	$list=db_rows("select id,name,email,dateline from rd8_user where active=-1 order by dateline desc $pagelink[limit]");
	
	$tpl = new T($ptype.'_'.$pfile);
	$tpl->assign(array(
		'list'	=> html_show($list),
		'pagelink' => $pagelink['output'],
	));
	$tpl->output();
}

//用户列表
if(!$action){
	$email=_get('email');
	$thename=_get('thename');
	$regf=_get('regf');
	$regt=_get('regt');
	$where='';
	if($email) {
		$where .= ' AND email LIKE \'%'.$email.'%\'';
	}
	if($thename) {
		$where .= ' AND name LIKE \'%'.$thename.'%\'';
	}
	if($regf || $regt) {
		$where .= ' AND ';

		if(!$regf) {
			$where .= 'dateline <= '.strtotime($regt);
		}elseif(!$regt) {
			$where .= 'dateline >= '.strtotime($regf);
		}else {
			$where .= 'dateline >= '.strtotime($regf).' AND dateline <= '.strtotime($regt);
		}
	}

	$total=db_r("select count(*) as totalnum from rd8_user where active=1 $where");
	$pagelink=page($total['totalnum'],20,0,0);
	$list=db_rows("select id,name,email,dateline from rd8_user where active=1 $where order by dateline desc $pagelink[limit]");

	$tpl = new T('user_list');
	$tpl->assign(array(
		'list'   => html_show($list),
		'pagelink' => $pagelink['output'],
		'email' => $email,
		'thename' => $thename,
		'regf' => $regf,
		'regt' => $regt,
	));
	$tpl->output();
}

